General
-
Target
866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc
-
Size
12.2MB
-
Sample
210320-3ndwxm4phj
-
MD5
a5f6b6e95ef8a26081259813ca18e17b
-
SHA1
242bc043057bb12e27a9fe4db20d6bdb953cbc11
-
SHA256
866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc
-
SHA512
479f7f546102a45183a8ff5c3790518539d2a1baf1e9ab257612e59154061f7aa2204b17d28d233b7ca8899e200d3d227855b6f5fcca48afcc962c47f754211f
Static task
static1
Behavioral task
behavioral1
Sample
866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc.exe
Resource
win10v20201028
Malware Config
Extracted
C:\decrypt_file.TxT
support_blackkingdom2@protonmail.com
1Lf8ZzcEhhRiXpk6YNQFpCJcUisiXb34FT
Targets
-
-
Target
866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc
-
Size
12.2MB
-
MD5
a5f6b6e95ef8a26081259813ca18e17b
-
SHA1
242bc043057bb12e27a9fe4db20d6bdb953cbc11
-
SHA256
866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc
-
SHA512
479f7f546102a45183a8ff5c3790518539d2a1baf1e9ab257612e59154061f7aa2204b17d28d233b7ca8899e200d3d227855b6f5fcca48afcc962c47f754211f
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-